Tips & Advice

How to detect and remove a virus from your Android phone

Jas Dhaliwal, 19 September 2018

Android malware comes in all shapes and sizes; here’s how you can defend your smartphone against it.

In Part 1 of The Avast Guide to Android Apps, we covered all the common malware and how to deal with it. In part 2 of our ongoing series, we take a closer look at the murky world of Android viruses, how they can infect your smartphone, and what you can do to amp up its immunity against them. Before we dive in, let’s start with a bit of history.

The first mobile virus

Back in the day, the mobile virus was considered somewhat of a myth: PCs got viruses, smartphones didn’t was the prevailing thought. However, this illusion of safety was shattered in 2004 after a Czech Republic and Slovakian group called 29a created a virus called Cabir and sent it as a proof-of-concept to several professional cybersecurity labs.

When installed, the virus - a network worm - would infect Symbian and Series 60 OS through an active Bluetooth connection and display the word “Cabir” on the infected phone’s screen. Being simply a proof-of-concept, it didn’t cause any damage.

Unfortunately, the Pandora’s box had been opened: malicious actors realized there were opportunities to cause mayhem. In the aftermath, more dangerous iterations have surfaced. Some of these include:

  • SymOS/Kiazha.A — a ransomware Trojan that targeted Symbian OS and deleted incoming and outgoing SMS messages.
  • CommWarrior — a virus that resets the phone on the 14th of every month. Skull imagery installs as a theme package, but the file goes on to disable programs and applications. It also turns all the icons on the phone into Jolly Roger or jigsaw images.

Many such threats have emerged since smartphones have become popular, and many more continue to surface every day. Since cybercriminals are constantly coming up with new ways to trick users into installing their malware, your best bet is understanding how these threats operate. 

Types of mobile viruses

Android viruses come in many flavors, each with its own quirks and entry vectors designed around a certain vulnerability. The following are the most common:

  • Spyware — This type of malware is designed to stealthily pick up information from your phone, and transmit it back to the C&C (command and control server). Spyware comes disguised as legit applications, which is how the cybercriminal tries to fool the user into installing them. Once installed, they start recording information including SMS/text messages, URLs being browsed, application activity, keys being pressed, usernames, and passwords.

  • Ransomware — This malicious program encrypts and locks up your important files, then offers to release them only if you pay a ransom. Spoiler alert: They almost never release the files. But given that so many users have very important data on their smartphones, the impulse to give in and pay is strong. (But don’t do it!)

  • Worms — These are the most aggressive type of Android phone viruses. Designed to endlessly reproduce themselves, worms don’t need any user interaction in order to execute. They generally arrive via SMS, MMS, or other digital media.

  • Trojans — These piggyback on legit applications and infect your phone once it has been installed. Unlike worms, trojans need a user to install them before they can carry out their actions. Once activated, trojans can deactivate certain applications or lock-up your phone for a certain period of time.

Android Vs iPhone infections

Much like the Windows vs macOS debate, Androids and iPhones have different and distinct vulnerabilities to malware. While for years iOS was considered immune to malware, recent attacks have proved that this illusion of invulnerability isn’t quite accurate. Unfortunately, Android users are at a greater risk of contracting malware infections because there are multiple marketplaces on the web apart from the Google Play Store that distribute Android apps. Some are secure sites, others are not.

iOS apps, on the other hand, can only be downloaded from the official Apple App Store, which uses some of the most robust security measures in existence. Apps on iOS are also sandboxed, meaning they cannot interact with other applications or with the OS past a certain point.

Apps on Android are sandboxed, too, but to a lesser extent. Android may be the world’s most popular mobile phone operating system, but it struggles with updating all of its users to the latest secure version of its operating system. That being said, iOS and Android users are susceptible to phishing attacks through email or even through SMS messages. Using an antivirus solution like Avast Mobile Security will go a long way toward ensuring your devices are never compromised.

How can you tell if your phone has a virus

Knowing whether your phone has been infected can get tricky, but certain Android virus symptoms stick out like a sore thumb. Here’s what you should look out for:

●       Apps that crash … a lot — Some apps tend to crash from time to time. However, if you find multiple apps crashing far too frequently, you might be dealing with an Android phone virus.

●       Increased data usage for no apparent reason — Finding your data limit has dropped far more than expected after bingeing on a GOT season is understandable. But what if the same happened after your phone has been just sitting in your pocket the whole day? Might be time for a checkup.

●       Ads keep popping up — Those annoying ads can be blocked easily with browsers like Opera. But if they start popping up when there are no apps running, then the ugly truth may be that you have an adware infection.

●       Battery drains in no time at all — Since most mobile viruses are not optimized, they tend to drain your battery faster than other legit apps.

●       Your phone bill is through the roof — Similar to high data usage, a sudden, unexplainable increase on your phone bill is a perfect Android virus warning.

●       Unfamiliar apps — Many of us do not usually bother running a check to see if that cool new app is legit or not. Such an oversight can prove costly as you might inadvertently give a fake app the keys to your phone kingdom.

●       Phone starts overheating — While there may be various reasons why your phone is overheating, malware is often one of the chief culprits.

Where viruses come from

To make sure none of the above ever happens to you, it’s crucial that you know how mobile malware makes its way into your phone. There are four venues viruses come from:

  •   Infected applications — The most common MO of hackers, popular applications are repackaged with the malware and then distributed through app stores. Oftentimes, cyber-criminals will come up with completely new applications designed specially to trick users into installing them.

    ●       MalvertisementsMalvertising is the practice of inserting viruses in ads that are distributed through ad networks. Simply clicking on an ad can trigger a virus download, infecting the device.

    ●       Scams — Users are sent links to infected web pages that contain malicious code. Simply visiting the page can start a virus downloading to the phone (unless it is protected by an antivirus software).

    ●       Direct-to-device downloads — The least likely type, direct-to-device infections require the hacker to attach a targeted device to another, and manually install the malware to it. This is the stuff of much high-profile corporate espionage.

Running a trusted antivirus app

What exactly makes an antivirus app trustworthy? For that matter, what makes one antivirus app any better than another and what features, if any, are worth paying for?

Start with the source

When you download your antivirus app, make sure you’re going through a reputable website. The last thing you want to do is jeopardize your own device in an attempt to do the exact opposite.

Your best bet is to hop onto Google Play and search for an antivirus app that way. But keep in mind that antivirus apps are common - so common that there might be virus-ridden malware applications hiding inside them.

The irony of malware-laden security apps is not lost on us, but it’s an unfortunate reality of the world we live in. On multiple occasions, hackers have created fake pages or distributed links via social media channels to malware masquerading as seemingly legitimate antivirus apps.  This makes it critical to ...

Do your homework

Even among trusted antivirus, you’ll find a multitude of options claiming to be the top-rated tool for protecting your personal data and hardening your device against security threats. Many of them will advertise a free version to boot.

A good place to start when thinning the herd is to look at third-party labs like AV-TEST and AV-Comparatives. These organizations independently test antivirus apps and publicly post the results to help consumers make informed decisions about which antivirus app they ultimately download. (The free Avast Mobile Security for Android always earns high marks.)


Avast Security Pro

Choose between a paid and free version

In most circumstances, a reputable antivirus developer’s free version will suffice. Avast Mobile Security for Android, for example, will protect against against viruses, malware and spyware. It will also scan apps to sniff out trojans and other infections. As a general rule, you shouldn’t have to pay a premium to be protected against cyberthreats.

Avast’s free antivirus app supports additional features including RAM optimization, a call blocker, anti-theft (which includes the ability to locate and remotely lock a lost or stolen phone), junk removal, download and upload speed checks, and real-time security monitoring for Google Chrome.

The benefits of purchasing a paid version vary between developers. Add-on functions might include app lock, which lets the user require a PIN, fingerprint or other authentication token in order to access sensitive applications. Other for-pay features may include a VPN and the ability to access geo-restricted content.

For the intents and purposes of the casual, everyday user, though, a robust, free antivirus app should do the trick.

Pro tip: Go with an antivirus app that automatically updates virus definitions. This ensures that you’re always protected against the latest threats.

How to remove a virus from Android phones

So, your worst fears have been confirmed, and all signs point to a virus infection. Your phone isn’t doomed just yet! Here are some methods that will help you rid it of that pesky pest in no time.

First things first: Run your antivirus scan

Presuming you’ve done your homework and selected a reliable antivirus app for your Android device, a single tap of the “scan” button should confirm or deny your fears.

Once you’ve completed your scan, work within the user interface to resolve any risks that may have been uncovered.

Manually remove the virus from your phone

In cases where, for whatever reason, antivirus software may prove ineffective, you can try to uninstall the malware manual:

Step 1 — Put your phone into Safe Mode. Doing so deactivates any apps from running, including malware. Some Android phones will let you Reboot in Safe-Mode, some other phones need a few extra steps to do so.

Step 2 — Once Safe Mode is activated, go to Settings > Apps > Downloaded Apps. Look for the app or apps you don’t think belong there. The best place to start is with the apps you installed just before your phone started acting suspiciously.

Step 3 — When you’ve found the apps, tap Uninstall to delete it for good. Oftentimes, virus-ridden apps will disable the uninstall button, in which case…

Step 4 — Go to Settings > Security > Device Administrators. See if the app is featured on the list there. If it is, simply click Deactivate to remove its access privileges. Now, go back to the app in Downloaded Apps. The Uninstall button should be tappable now.

If all else fails, a factory reset might be your final option. Just remember that doing so will delete all apps and app data from your phone, which is why it’s a good idea to set up periodic data backups.

To reset your android phone:

Step 1 — Go to Settings > Backup & Reset > Factory Data Reset. Now tap Reset Phone.

Step 2 — Enter your passcode as requested to continue.

Step 3 — Reboot your phone.

Step 4 — Restore any backup you made before installing the troubling app.

Focus on keeping your device protected

While due diligence is always advisable, you should consider adding as many layers of security as possible. An updated antivirus app such as Avast Mobile Security for Android can go a long way toward ensuring your device never gets infected. Not only does it scan files and apps in real time for malware, but it also boosts speed by disabling unnecessary tasks.